ThreatMetrix®, The Digital Identity Company®, today released its Q3 2016 Cybercrime Report that shows a sharp increase in the number and complexity of cyber attacks.

During what is traditionally a slow quarter, ThreatMetrix analyzed nearly 5 billion transactions, and stopped approximately 130 million attacks in real time — a 40 percent increase over 2015.

Mobile transactions grew almost 50 percent over the previous year to represent 43 percent of total network traffic.

Cross-border transactions are also on the rise, representing one in five transactions in the Network. Despite their growth, these transactions are considered riskier than domestic transactions and rejected twice as much.

As we approach the 2016 holiday shopping season, ThreatMetrix is predicting a sharp increase in cyber attacks targeting key retailers, with a potential 50 million cybercrime attacks over the peak shopping week.

“The ThreatMetrix Q3 report does a good job of depicting the escalating cyberattacks that merchants and financial institutions must deal with. Add to this the fact that more consumers than ever will shop online this holiday season, and 2016 promises to be a banner year for fraudsters,” said Julie Conroy, research director at Aite Group. “It’s more important than ever for online merchants to employ technology that can help them effectively differentiate good customers from bad.”

The Evolving Anatomy of a Fraud Attack

“Attacks have evolved from being one-dimensional with a singular purpose to being a Frankenstein’s monster of attack vectors, using bots, social engineering and remote access stealth in various combinations,” says Vanita Pandey, vice president of strategy and product marketing at ThreatMetrix. “Fraud prevention is no longer simply about timely detection but about getting under the skin of evolving attack patterns to better thwart the rise of cybercrime.”

Fraudsters’ ability to pose as legitimate customers is one of the greatest challenges faced by global digital businesses, as this can lead to an increase in account takeover and new account creation fraud — both of which are on the rise. New account creations are rejected at a rate of one in ten transactions, demonstrating a widespread and pernicious use of stolen identity credentials. Stolen identities are often stitched together using a patchwork quilt of data elements harvested from separate breaches, then repackaged and sold at a premium.

“Identity data is the critical currency for perpetrating online fraud. While attacks are multi-faceted, global and ever-evolving, they have a singular focus: stealing, validating, augmenting and selling identity credentials to make future attacks more lucrative,” Pandey says. “Cybercrime is increasing — our latest statistics prove that — but we can stay one step ahead with innovative approaches that derail fraudsters and strike the right balance between protecting businesses and minimizing friction for users.”

Cybercrime Trends by Industry

E-commerce: As digital e-commerce transactions have grown, bot attacks continue to be widespread and persistent, often nearly equalling legitimate customer traffic. Q3 2016 saw 76 million blocked e-commerce transactions — a 60 percent increase over the third quarter 2015. Attacks on logins and payment transactions grew 30 percent and 70 percent, respectively, over the previous year — a trend that will likely pick up steam into the 2016 holiday season.

Financial services: Growth of online financial services transactions continued to be driven by mobile: For the first quarter ever, more than half of all financial services transactions came from mobile devices, and mobile banking transactions grew by 250 percent over Q3 2015. Attacks on payment transactions continued to grow, and login attacks in the FinTech space took a massive jump after a large bot attack on one specific e-lender.

Digital media/social networks: Blocked transactions rates for media are growing quarter-on-quarter as fraudsters test stolen credentials on sites that traditionally have modest sign-up and authentication requirements. Attacks on new account creations have gone up by almost 400 percent compared to Q3 2015.

About the ThreatMetrix Q3 2016 Cybercrime Report

The ThreatMetrix Q3 Cybercrime Report is based on actual cybercrime attacks from July to September 2016 that were detected by the ThreatMetrix Digital Identity Network during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.